19.04.2023
ubiquiti
LANCOM
MicroTik
Securepoint
Watchguard
ubiquiti
Funkwerk
Cisco
AVM
NetGear
LevelOne
Siemens
Telekom Speedport/Digibox
ZyXEL
PC Engines
sonstiges
MicroTik
Securepoint
Watchguard
ubiquiti
Funkwerk
Cisco
AVM
NetGear
LevelOne
Siemens
Telekom Speedport/Digibox
ZyXEL
PC Engines
sonstiges
Links
ubiquiti
ubnt Community
EdgeMAX Help Center
Grundkonfiguration
| Default Einstellung | |
|---|---|
| IP-Adresse | 192.168.1.1 |
| User | ubnt |
| Passwort | ubnt |
| Schnittstelle | eth0 |
VPN
OpenVPN Server auf einem EdgeMax Router mit mehreren WANs
EdgeMAX: OpenVPN Site-to-Site
| Router 1 | Router 2 |
|---|---|
| system1.dyndns.com | system2.dyndns.com |
| Internal IP: 192.168.1.1 | Internal IP: 192.168.2.1 |
auf Router 1
- auf der Kommandozeile den SSH Key generieren
generate vpn openvpn-key /config/auth/secret
- Key auf zweiten Router transferieren
sudo scp /config/auth/secret ubnt@system2.dyndns.com:/config/auth/secret
- Zugriffsberechtigungen für die KeyDatei setzen
chmod 600 /config/auth/secret
- in den Configuration Mode wechseln
configure
- OpenVPN vtun0 Device erstellen
set interfaces openvpn vtun0 set interfaces openvpn vtun0 mode site-to-site
- OpenVPN Ports konfigurieren
set interfaces openvpn vtun0 local-port 1194 set interfaces openvpn vtun0 remote-port 1194
- Locale Adresse für OpenVPN setzen
set interfaces openvpn vtun0 local-address 10.99.99.1
- Remote Adresse für OpenVPN setzen
set interfaces openvpn vtun0 remote-address 10.99.99.2
- Remote WAN Adresse setzen
set interfaces openvpn vtun0 remote-host system2.dyndns.com
- OpenVPN secret Datei setzen
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret
- OpenVPN Kompression aktivieren
set interfaces openvpn vtun0 openvpn-option "--comp-lzo"
- OpenVPN Optionen setzen
set interfaces openvpn vtun0 openvpn-option "--float" set interfaces openvpn vtun0 openvpn-option "--ping 10" set interfaces openvpn vtun0 openvpn-option "--ping-restart 20" set interfaces openvpn vtun0 openvpn-option "--ping-timer-rem" set interfaces openvpn vtun0 openvpn-option "--persist-tun" set interfaces openvpn vtun0 openvpn-option "--persist-key" set interfaces openvpn vtun0 openvpn-option "--user nobody" set interfaces openvpn vtun0 openvpn-option "--group nogroup"
- Remote Subnet setzen
set protocols static interface-route 192.168.2.0/24 next-hop-interface vtun0
- Konfiguration abschliessen und Configuration Mode verlassen
commit save exit
auf Router 2 gleichen Einstellungen setzen
configure set interfaces openvpn vtun0 set interfaces openvpn vtun0 mode site-to-site set interfaces openvpn vtun0 local-port 1194 set interfaces openvpn vtun0 remote-port 1194 set interfaces openvpn vtun0 local-address 10.99.99.2 set interfaces openvpn vtun0 remote-address 10.99.99.1 set interfaces openvpn vtun0 remote-host system1.dyndns.com set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret set interfaces openvpn vtun0 openvpn-option "--comp-lzo" set interfaces openvpn vtun0 openvpn-option "--float" set interfaces openvpn vtun0 openvpn-option "--ping 10" set interfaces openvpn vtun0 openvpn-option "--ping-restart 20" set interfaces openvpn vtun0 openvpn-option "--ping-timer-rem" set interfaces openvpn vtun0 openvpn-option "--persist-tun" set interfaces openvpn vtun0 openvpn-option "--persist-key" set interfaces openvpn vtun0 openvpn-option "--user nobody" set interfaces openvpn vtun0 openvpn-option "--group nogroup" set protocols static interface-route 192.168.1.0/24 next-hop-interface vtun0 commit save exit
TunnelVerbindung testen
show interfaces openvpn show interfaces openvpn detail show openvpn status site-to-site
- Tunnel resetten
reset openvpn interface vtun0
sonstiges